23 September 2007

There have been a few recent
news
stories
on privacy leaks via
peer-to-peer filesharing networks. These stories are often accompanied by
moralistic warnings that peer-to-peer is inherently dangerous, and that
opening oneself up to identity theft is
the just
consequence of using such softwware:

"Either the software is buggy, in which case you're hosed,
or it's malicious to begin with," Stickley concluded. "Most
packages are generally designed for theft, and I'd say 95
percent of the time users install them in the first place
is to steal something. It comes back to bite you in the
end."

There is a danger, and it is somewhat linked to the copyright wars, but
the actual link is more complex than that.

In most peer-to-peer packages, you can share your files as well as
downloading files shared by others. The problem is what you share:
the defaults are often not what you want.

Generally, people who are interested in music want to share —
and retrieve — .mp3 files.
Similarly, those who are interested in
movies want .avi files. The former might be stored in the
My Music folder; either might be stored in an
iTunes folder.
It would be no trouble at all for the authors of file-sharing programs to
set these as the default file types
or upload locations. However, if they did that, it
would be used as evidence that the primary purpose of these programs was
illegal distribution of copyrighted materials — which, of course, is
their primary purpose, but they don't want to admit it.

The problem, though, is not the technology. Time-Warner, a major content
owner, is itself
using
peer-to-peer technology to distribute its own movies. Similarly,
NASA
uses it to
distribute large image files. The technology isn't illegal;
the way it is used often is. Regardless,
the central problem is configuration. One wonders if
users of these services "deserve" what they get.

Configuration of any sort of file distribution mechanism is hard.
Remarkably many confidential documents belonging to high-tech companies
are freely downloadable on the Web, and are indexed by search engines.
Try it — ask your favorite search engine for documents of type
.xls (Excel spreadsheets), .doc (Word documents),
.pdf, etc., containing the word "Confidential" and hosted on that
company's web site. Is running a web site wrong?

Why is configuration hard? Fundamentally, it's just another piece of
the user interface problem. Users, even sophisticated ones, frequently
don't understand the consequences of the decisions they make, even when
the software is easy to use. And of course, far too much software is hard
to use. The profession needs to learn to write better software,
software that's hard to misconfigure. That isn't an easy problem.